Win32.trojandownloader.zlob?

axonais, le mercredi 21 novembre 2007 à 08:41:08

Bonjour,
mon PC est manifestement infecté, peut-être par win32.trojandownloader.zlob ou downloader.Conhook.hl?

j'ai utilisé différentes procédures trouvées sur ke forum, dont SmartFraudFix, mais rien n'y fait... il reste bombardé d'alertes de sécurité me proposant divers téléchargements...

voici les rapports:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:36:42 20/11/2007

+ Résultat de l'analyse:

C:\Documents and Settings\Anthony_2\Cookies\anthony_2@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Anthony_2\Cookies\anthony_2@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

Fin du rapport

BitDefender Online Scanner -Scan ReportBitDefender Online Scanner
Scan report generated at: Wed, Nov 21, 2007 - 00:40:09

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time03:16:30
Files425557
Folders9607
Boot Sectors4
Archives15529
Packed Files16687

Results
Identified Viruses 11
Infected Files 22
Suspect Files 0
Warnings0
Disinfected0
Deleted Files27

Engines Info
Virus Definitions878637
Engine buildAVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins14
Archive plugins38
Unpack plugins7
E-mail plugins6
System plugins1

Scan Settings
First ActionDisinfect
Second ActionDelete
HeuristicsYes
Enable WarningsYes
Scanned Extensions*;
Exclude Extensions
Scan EmailsYes
Scan ArchivesYes
Scan PackedYes
Scan FilesYes
Scan BootYes

Scanned File Status
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0226082B.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0226082B.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0226082B.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\02293228.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\02293228.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\02293228.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0C7061B9.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0C7061B9.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\0C7061B9.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\11832A68.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\11832A68.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\11832A68.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\31F31313.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\31F31313.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\31F31313.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\5027228A.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\5027228A.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\5027228A.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\61376306.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\61376306.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\61376306.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\648D46C6.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\648D46C6.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\648D46C6.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\6CF84F31.class=>(Quarantine-2)Infected with:
Java.Trojan.Exploit.Bytverify2.Gen
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\6CF84F31.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\6CF84F31.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\741E1F9C.class=>(Quarantine-2)Infected with:
Trojan.Java.Classloader.C
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\741E1F9C.class=>(Quarantine-2)Disinfection
failed
C:\Documents and Settings\Administrateur\Bureau\anthony\Program
Files\Norton Internet Security\Norton
AntiVirus\Quarantine\741E1F9C.class=>(Quarantine-2)Deleted
C:\Documents and Settings\Anthony_2\Local
Settings\Temp\image28.zip=>image28-www.photobucket.comInfected with:
Trojan.Peed.Gen
C:\Documents and Settings\Anthony_2\Local
Settings\Temp\image28.zip=>image28-www.photobucket.comDisinfection
failed
C:\Documents and Settings\Anthony_2\Local
Settings\Temp\image28.zip=>image28-www.photobucket.comDeleted
C:\Documents and Settings\Anthony_2\Local
Settings\Temp\image28.zipUpdated
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\in30[1].exeInfected with:
Trojan.Peed.Gen
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\in30[1].exeDisinfection failed
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\in30[1].exeDeleted
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\pochki20071106[1]Infected with:
Trojan.Fotomoto.F
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\pochki20071106[1]Disinfection
failed
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\CPYRK1YZ\pochki20071106[1]Deleted
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\FSKKGZZM\ptch[1]Infected with:
Trojan.Vundo.DQO
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\FSKKGZZM\ptch[1]Disinfection failed
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\FSKKGZZM\ptch[1]Deleted
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\KDEVS5Q3\mosx1024[1]Infected with:
Trojan.Downloader.Conhook.BI
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\KDEVS5Q3\mosx1024[1]Deleted
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\KDEVS5Q3\poiu[1]Infected with:
Trojan.Clicker.MNB
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\KDEVS5Q3\poiu[1]Disinfection failed
C:\Documents and Settings\Anthony_2\Local Settings\Temporary
Internet Files\Content.IE5\KDEVS5Q3\poiu[1]Delete failed
C:\WINDOWS\Downloaded Program Files\Account.dllInfected with:
Trojan.Dloader.YH
C:\WINDOWS\Downloaded Program Files\Account.dllDisinfection failed
C:\WINDOWS\Downloaded Program Files\Account.dllDeleted
C:\WINDOWS\system32\awtspol.dllInfected with: Trojan.Inject.ET
C:\WINDOWS\system32\awtspol.dllDisinfection failed
C:\WINDOWS\system32\awtspol.dllDelete failed
C:\WINDOWS\system32\fviqhlgu.dllInfected with: Trojan.Vundo.DQO
C:\WINDOWS\system32\fviqhlgu.dllDisinfection failed
C:\WINDOWS\system32\fviqhlgu.dllDelete failed
C:\WINDOWS\system32\sksilwpl.exeInfected with: Trojan.Fotomoto.F
C:\WINDOWS\system32\sksilwpl.exeDisinfection failed
C:\WINDOWS\system32\sksilwpl.exeDeleted
C:\WINDOWS\system32\smtsvc.exeInfected with:
DeepScan:Generic.Malware.SIdld!.0F2DE431
C:\WINDOWS\system32\smtsvc.exeDisinfection failed
C:\WINDOWS\system32\smtsvc.exeDelete failed
C:\WINDOWS\system32\__c0091504.datInfected with:
Trojan.Downloader.Conhook.BI
C:\WINDOWS\system32\__c0091504.datDisinfection failed
C:\WINDOWS\system32\__c0091504.datDelete failed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:44:57, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\USB Card RW\shwicon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\smtsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fexutdyn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShowIcon_KingByte_USB Card RW v1.14e045] "C:\Program Files\USB Card RW\shwicon.exe" -t"KingByte\USB Card RW v1.14e045"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [e838bfc1] rundll32.exe "C:\WINDOWS\system32\irekbasa.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B0A451A6-A5A6-11D4-A790-0010A4E6086F} (GettyFinder2 Control) - file://D:\activex\GettyFinder2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0091504.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\snhnxfpv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 11539 bytes

merci à l'avance de m'aider

Configuration: Windows XP
Internet Explorer 6.0

Répondre à axonais Signaler ce message aux modérateurs Aller au dernier message

37 réponses 12

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

moi29, le mercredi 21 novembre 2007 à 09:25:04

démarre en mode sans échec et supprime tous tes cookies
C:\Documents and Settings\Anthony_2\Cookies\
et aussi tout tes fichiers temp
c:/windows/temp/
C:\Documents and Settings\Anthony_2\temp
télécharge ccleaner pour tous nettoyer

Répondre à moi29

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

moi29, le mercredi 21 novembre 2007 à 09:28:57

http://www.supprimer-spyware.org/zlob.html?gclid=CPb9oJLC7Y8CFQlIMAodyj-HGw

Répondre à moi29

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

^^Marie^^, le mercredi 21 novembre 2007 à 09:41:08

Salut

Tu es surtout infecté par Vundo

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaitra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT
créé sur le bureau dans ta prochaine réponse

Et un nouveau log Hijacthis

A++

Edit ►

C - Ccleaner :
(nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc.)

* Télécharge CCleaner.

http://www.pcastuces.com/logitheque/ccleaner.htm
Installe le dans un répertoire dédié.
Décoche pendant l'installation
--- les deux cases "Ajouter l'option ... "
--- Contrôler les mises à jour
--- Ajouter la Barre d'Outils Yahoo! CCleaner
* Lance Ccleaner pour un nettoyage complet.
Tutorial ici:
http://kerio.probb.fr/...
http://www.malekal.com/tutorial_CCleaner.html
ET
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise

Répondre à ^^Marie^^

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

axonais, le mercredi 21 novembre 2007 à 13:09:07

j'ai fait la procédure de ta premiere réponse, ça a l'air de fonctionner

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:51:07 21/11/2007

Listing files found while scanning....

C:\windows\system32\annyhlui.dllbox
C:\windows\system32\dftyhcyv.dll
C:\windows\system32\fexutdyn.dll
C:\windows\system32\fexutdyn.dllbox
C:\windows\system32\jjllm.ini
C:\windows\system32\jjllm.ini2
C:\windows\system32\mlljj.dll

Beginning removal...

Attempting to delete C:\windows\system32\annyhlui.dllbox
C:\windows\system32\annyhlui.dllbox Has been deleted!

Attempting to delete C:\windows\system32\dftyhcyv.dll
C:\windows\system32\dftyhcyv.dll Has been deleted!

Attempting to delete C:\windows\system32\fexutdyn.dll
C:\windows\system32\fexutdyn.dll Has been deleted!

Attempting to delete C:\windows\system32\fexutdyn.dllbox
C:\windows\system32\fexutdyn.dllbox Has been deleted!

Attempting to delete C:\windows\system32\jjllm.ini
C:\windows\system32\jjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\jjllm.ini2
C:\windows\system32\jjllm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\mlljj.dll
C:\windows\system32\mlljj.dll Has been deleted!

Performing Repairs to the registry.
Done!

[11/21/2007, 12:33:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Anthony_2\Bureau\VirtumundoBeGone.exe" )
[11/21/2007, 12:33:49] - Detected System Information:
[11/21/2007, 12:33:49] - Windows Version: 5.1.2600, Service Pack 2
[11/21/2007, 12:33:49] - Current Username: Anthony_2 (Admin)
[11/21/2007, 12:33:49] - Windows is in NORMAL mode.
[11/21/2007, 12:33:49] - Searching for Browser Helper Objects:
[11/21/2007, 12:33:49] - BHO 1: {162C6BC2-E852-4D45-B139-E8A6737F1054} ()
[11/21/2007, 12:33:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:49] - Checking for HKLM\...\Winlogon\Notify\awtspol
[11/21/2007, 12:33:49] - Found: HKLM\...\Winlogon\Notify\awtspol - This is probably Virtumundo.
[11/21/2007, 12:33:49] - Assigning {162C6BC2-E852-4D45-B139-E8A6737F1054} MSEvents Object
[11/21/2007, 12:33:49] - BHO list has been changed! Starting over...
[11/21/2007, 12:33:49] - BHO 1: {162C6BC2-E852-4D45-B139-E8A6737F1054} (MSEvents Object)
[11/21/2007, 12:33:49] - ALERT: Found MSEvents Object!
[11/21/2007, 12:33:49] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/21/2007, 12:33:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/21/2007, 12:33:50] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/21/2007, 12:33:50] - BHO 3: {741343AE-EBB1-44E0-9D07-A53C4BE11EA8} ()
[11/21/2007, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\ddcyx
[11/21/2007, 12:33:50] - Key not found: HKLM\...\Winlogon\Notify\ddcyx, continuing.
[11/21/2007, 12:33:50] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/21/2007, 12:33:50] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/21/2007, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:50] - No filename found. Continuing.
[11/21/2007, 12:33:50] - BHO 6: {9c7f71fe-0820-4558-b4c8-188695c94cda} ()
[11/21/2007, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\fviqhlgu
[11/21/2007, 12:33:50] - Key not found: HKLM\...\Winlogon\Notify\fviqhlgu, continuing.
[11/21/2007, 12:33:50] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/21/2007, 12:33:50] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/21/2007, 12:33:50] - BHO 9: {C0A70477-A576-4A9F-AE6C-5AE3072A5629} ()
[11/21/2007, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\mlljj
[11/21/2007, 12:33:51] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[11/21/2007, 12:33:51] - BHO 10: {d0a5375d-d6a5-4cff-abf0-cd9b4e517736} ()
[11/21/2007, 12:33:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:51] - Checking for HKLM\...\Winlogon\Notify\charaxjy
[11/21/2007, 12:33:51] - Key not found: HKLM\...\Winlogon\Notify\charaxjy, continuing.
[11/21/2007, 12:33:51] - Finished Searching Browser Helper Objects
[11/21/2007, 12:33:51] - *** Detected MSEvents Object
[11/21/2007, 12:33:51] - Trying to remove MSEvents Object...
[11/21/2007, 12:33:52] - Terminating Process: IEXPLORE.EXE
[11/21/2007, 12:33:52] - Terminating Process: RUNDLL32.EXE
[11/21/2007, 12:33:53] - Disabling Automatic Shell Restart
[11/21/2007, 12:33:53] - Terminating Process: EXPLORER.EXE
[11/21/2007, 12:33:53] - Suspending the NT Session Manager System Service
[11/21/2007, 12:33:54] - Terminating Windows NT Logon/Logoff Manager
[11/21/2007, 12:33:54] - Re-enabling Automatic Shell Restart
[11/21/2007, 12:33:54] - File to disable: C:\WINDOWS\system32\awtspol.dll
[11/21/2007, 12:33:54] - Renaming C:\WINDOWS\system32\awtspol.dll -> C:\WINDOWS\system32\awtspol.dll.vir
[11/21/2007, 12:33:54] - File successfully renamed!
[11/21/2007, 12:33:54] - Removing HKLM\...\Browser Helper Objects\{162C6BC2-E852-4D45-B139-E8A6737F1054}
[11/21/2007, 12:33:54] - Removing HKCR\CLSID\{162C6BC2-E852-4D45-B139-E8A6737F1054}
[11/21/2007, 12:33:54] - Adding Kill Bit for ActiveX for GUID: {162C6BC2-E852-4D45-B139-E8A6737F1054}
[11/21/2007, 12:33:54] - Deleting ATLEvents/MSEvents Registry entries
[11/21/2007, 12:33:54] - Removing HKLM\...\Winlogon\Notify\awtspol
[11/21/2007, 12:33:54] - Searching for Browser Helper Objects:
[11/21/2007, 12:33:54] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/21/2007, 12:33:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/21/2007, 12:33:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/21/2007, 12:33:54] - BHO 2: {741343AE-EBB1-44E0-9D07-A53C4BE11EA8} ()
[11/21/2007, 12:33:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:54] - Checking for HKLM\...\Winlogon\Notify\ddcyx
[11/21/2007, 12:33:55] - Key not found: HKLM\...\Winlogon\Notify\ddcyx, continuing.
[11/21/2007, 12:33:55] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/21/2007, 12:33:55] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/21/2007, 12:33:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:55] - No filename found. Continuing.
[11/21/2007, 12:33:55] - BHO 5: {9c7f71fe-0820-4558-b4c8-188695c94cda} ()
[11/21/2007, 12:33:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:55] - Checking for HKLM\...\Winlogon\Notify\fviqhlgu
[11/21/2007, 12:33:55] - Key not found: HKLM\...\Winlogon\Notify\fviqhlgu, continuing.
[11/21/2007, 12:33:55] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/21/2007, 12:33:55] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[11/21/2007, 12:33:55] - BHO 8: {C0A70477-A576-4A9F-AE6C-5AE3072A5629} ()
[11/21/2007, 12:33:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:55] - Checking for HKLM\...\Winlogon\Notify\mlljj
[11/21/2007, 12:33:55] - Key not found: HKLM\...\Winlogon\Notify\mlljj, continuing.
[11/21/2007, 12:33:55] - BHO 9: {d0a5375d-d6a5-4cff-abf0-cd9b4e517736} ()
[11/21/2007, 12:33:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/21/2007, 12:33:55] - Checking for HKLM\...\Winlogon\Notify\charaxjy
[11/21/2007, 12:33:55] - Key not found: HKLM\...\Winlogon\Notify\charaxjy, continuing.
[11/21/2007, 12:33:55] - Finished Searching Browser Helper Objects
[11/21/2007, 12:33:55] - Finishing up...
[11/21/2007, 12:33:55] - A restart is needed.
[11/21/2007, 12:34:05] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:30, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\USB Card RW\shwicon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\smtsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\annyhlui.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShowIcon_KingByte_USB Card RW v1.14e045] "C:\Program Files\USB Card RW\shwicon.exe" -t"KingByte\USB Card RW v1.14e045"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [e838bfc1] rundll32.exe "C:\WINDOWS\system32\rstchruv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B0A451A6-A5A6-11D4-A790-0010A4E6086F} (GettyFinder2 Control) - file://D:\activex\GettyFinder2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0036384.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 10558 bytes

j'ai aussi lancé un nettoyage par CCleaner

je vais voir maintenant le pb de Java

@+ et merci

Répondre à axonais

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

^^Marie^^, le mercredi 21 novembre 2007 à 09:48:02

Re

Java\jre1.5.0_06

JAVA

http://www.java.com/fr/download/manual.jsp
A)- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

Ce qui veut dire que ta console Java n'est pas à jour !

Les mises à jour Java ne sont pas des mises à jour de confort ; ce sont des mises à jour de SÉCURITÉ .
Une vulnérabilité a été identifiée dans Sun JDK et JRE, elle pourrait être
exploitée par des attaquants distants afin de compromettre un système vulnérable.
Vas chez Java Sun < <http://www.java.com/fr/download/manual.jsp> >
et télécharge la dernière Version 6 Update3.
Après installation et redémarrage, vas dans le "panneau de configuration"/"Ajout-Suppr. de programmes" afin de désinstaller les anciennes versions.
Ceci pour récupérer de l'espace disque et éventuellement pour virer les failles présentes dans ces anciennes versions.
Retourne alors chez Java ci-dessus et clique sur le bouton "Vérifier l'installation" pour t'assurer que tout est en ordre.

Une fois JRE installé, dans votre « console de paramétrage », accessible depuis le « Panneau de configuration », choisir l’onglet "Java", puis dans "paramètres de l'application Java Runtime", clic sur bouton "afficher", vous accédez à cet écran."
Source: <http://www.libellules.ch/...
Vous pouvez « Désactiver la console = Ne pas lancer la console » et « Désactiver l'icône de la Systray depuis l'onglet "avancé" ( <http://www.java.com/fr/download/help/5000021000.xml> ).
Reste à supprimer dans "C:\" > "Program Files" > "Dossier Java" le vieux dossier qui n'est pas ôter lors de la désinstallation.

Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise

Répondre à ^^Marie^^

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

^^Marie^^, le mercredi 21 novembre 2007 à 13:40:55

Installe Java et tu me refais un log Hijacthis en le renommant
stp

Fais un clic droit sur hijackthis, choisis "renommer" marque : abcde.exe
Puis remet un rapport stp

Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise

Répondre à ^^Marie^^

Ce message vous semble utile, votez !
Signaler ce message aux modérateurs

axonais, le mercredi 21 novembre 2007 à 14:15:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:55, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\USB Card RW\shwicon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\smtsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShowIcon_KingByte_USB Card RW v1.14e045] "C:\Program Files\USB Card RW\shwicon.exe" -t"KingByte\USB Card RW v1.14e045"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [e838bfc1] rundll32.exe "C:\WINDOWS\system32\irekbasa.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B0A451A6-A5A6-11D4-A790-0010A4E6086F} (GettyFinder2 Control) - file://D:\activex\GettyFinder2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0091504.dat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\snhnxfpv.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 11420 bytes

2° rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:32, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\USB Card RW\shwicon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\smtsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ShowIcon_KingByte_USB Card RW v1.14e045] "C:\Program Files\USB Card RW\shwicon.exe" -t"KingByte\USB Card RW v1.14e045"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OmniPage] C:\PROGRA~1\Caere\OMNIPA~1.0\opware32.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB002" /M "Stylus D68"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [System Terminal Storage] smtsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [e838bfc1] rundll32.exe "C:\WINDOWS\system32\irekbasa.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (